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\^ Field of the invention 

) r~~^he invention is related tp^RADIUS-accounting communication and in particular [an 
()j> ' arrangement] a method/for assigning-unique identifiers for allowing communication 
between a GPRS (General Packet Radio Service)l-system and a RADRJS (Remote 
Authentication Dfal In User Service) server. 



cTproblcm areas 



JTL\DnJS (Remote Authentication Dial In User Service) is a protocol used to 
(j^ authenticate remj2fxe users logging in to a network and is used as the way to authenticate 
users in a GPRS-system. In case the RADIUS -server provides the subscriber with a 
dynamic Headdress to use, a RADIUS accounting-server is uses to mark the address as 
15 used and/freed. 





'he GPRS (General Packet Radio Service) offers a high-speed, packet-switched, mobile 
datacommunication network, where the subscribers can connect themselves to an 
external network from a mobile terminal. The GPRS system consists mainly of two 
20 nodes, where the Gateway GPRS Support Node (GGSN) is the component involved in 
this invention. 



(Internet Protocol)-address to route packets to and from the 



^F\^The subscribers need an 

0" external network. This atidress can be provided by a RADIUS-server, in which case a 
25 unique identifier must be provided to relate the subscriber to this IP-address. The 
identifier is described as/attribute Acct- Session-Id in IETF RFC 2139 (April 1997) 
"RADIUS Accounting"/ Due to the nature of a GPRS system, a subscriber will with a 
high degree of probability be connected to an external network for a long time, 
allocating the IP-addr6ss for an equally long period of time. 

\r\ f\ ^he RADIUS accounting server is requested to start an accounting session when the 
(jfcY (Jy RADIUS client sends an accounting start request towards the RADIUS accounting 
' server. This is done to mark the address as used by the subscriber in the RADIUS 
accounting server. The RfADIUS client in the accounting start request must give an 



35 identifier, and the same i 



entifier is sent in an accounting stop request to stop the 



accounting and release the IP-address. The identifier must be generated for each 



subscriber" connexion receiving an address from the RADIUS server, and it must be 
guaranteed to beoinique for each connection. 

e GPRS-system can be connected to several external networks, and all the networks 
ay use the same RADIU^server. The different networks may also contain the same 
range of addresses (private address-space), and hence the RADIUS server must be able 
to give out the same Headdress to subscribers belonging to the different external 
networks. 



n solution 




problems with, these. 



/The identifier is usually made from the time in the system acting as a client (usually an 
(fc / NAS) towards the RADIUS server. Other solutions are one or several counters that are 
incremented for each new accounting session and/or for each restart of the system. It is 
15 also known that some implementations use process identifiers as a part of the identifier. 

The main problem with the above-menfiefied solutions is that they all require system 
resources to create and maintain th^eneration of the identifiers. Getting the system- 
time does not require any storag^fbut may be inaccurate or inefficient in case of a large 
20 number of simultaneously^€quests for the system-time. Having counters to be 

incremented will use system memory, computational time to recalculate the values and 
some algorithm toxoid two subscribers getting the same value of the counter. The 
counter mustafso be large enough to generate enough identifiers to all the possible 
subscribep^ These values will not be predictable and are usually based on statistical 
25 distribution to assure uniqueness; hence they can not be guaranteed to be absolutely 






An object of the invention 
the art, by providing uniq 
resources other than thos^ 



is to overcome the problems related to prior art solutions in 
je identifiers without involving necessity for any new system 
already available. 



The method according to the invention includes the steps of: 



connecting one or more external networks to the GPRS system and identifying the 
or each network with an APN (Access Point Name), and 

assigning to an or each APN external network a gateway address, 
and the further steps of: 

passing an APN-external network authentication request from a GGSN (Gateway 

GPRS support Node) to said RADIUS server, 

providing from said RADIUS server to said GGSN upon such request a subscriber 
IP (Internet Protocol) address to be stored in said GGSN (Gateway GPRS Support 
Node), said subscriber IP address being unique for the respective APN external network 
defined in said GGSN, 

using said GGSN for combining the APN gateway address and the subscriber IP 
address, to form a unique subscriber identifier, and 

sending from said GGSN said identifier to the RADIUS server for accounting, e.g. 
in the form of an ASCII string. 

Further characteristic features of the invention will appear from the following 
description and the attached patent claims, and with reference to the enclosed drawing 
figures. 

Brief description of the drawings 



Figure 2 illustrates three external networks with a subscriber connected to each network. 



When connecting an external network to the GPRS system, the network is identified 
with an Access Point Name (APNY/tfuch as e.g. APN1 (see Figure 1). Each APN is 
given a gateway address GW in tile GGSN, as seen from the external network. By 
assuring that this IP-address manique for each APN defined in the GGSN, all the 
external networks will have its own, unique identifier. Since two subscribers (MS) in 
the same external network should never use the same IP-address at the same time, 
subscribers connecter to the same APN will always have different IP-addresses. The 



Figure 1 illustrates the basic steps for generating an identifier, and 




e invention is now to be described firstly with reference to Figure 1. 




4 

idea is to combine these two IP-addresses, the gateway-address for the APN and the 
address assigned to the subscriber, to form the identifier. 

nWhen the GGSN receives an IP^address to send to the subscriber from the RADIUS 
/ server, it looks up the gatewaj^address belonging to the external net to which the 
subscriber is connecting hiniself. This address has already been configured when the 
external network is attached to the GPRS-system, and checked to be unique within the 
GGSN 

To^bonstruct the identifier to send to tJ^RADIUS accounting-server the GGSN will 
w use these two available IP-addresses. The addresses can be appended to form a 
byte long identifier (incise of IP-addresses from IP version 4), or the numbers 
could be converted to ASOI numbers to make the string printable. When the numbers 
are converted it woujdoe wise to insert dots (ASCII value 46) between the decimal- 
groups in the addresses to be able to clearly see the addresses used in the identifier (e.g. 
for an operator looking into the accounting records). 



T /n 

Ja M 



atew£y-ad^ress= 129.24.24.1 
MS IP-address = 129.24.24.24 
ASCII codes: 129 24 24 1 129 24 24 24 (non printable) 

Or transform the number to ASCII codes for the numbers to make them printable: 

ASCII codes: 49 50 57 46 50 52 46 50 52 46 49 46 49 50 57 46 50 52 46 50 52 46 50 52 
(which would be readable as "129.24.24. 1 .129.24.24.24") 

The identifier is suitably passed to the RADIUS server as an ASCII string. (See Figure 
1) 



Thus, the gateway address is the address of the GPRS-system/GGSN as seen from the 
external network (APN, e.g. APN1) and the subscriber could be a mobile terminal MS 
connected to the external network through the GPRS-system. 



5 

On Figure 2, the subscribers MSI, MS2 and MS3 have for sake of reference to their 
respective networks APN1, APN2 and APN3 been indicated on the right hand side of 
the drawing figure. 



5 The APN name and the respective APN gateway address to the GGSN seen from the 
network are configured, as such new network is linked to the GPRS system. The 
operator will normally manually assign the APN name and the gateway address, and the 
RADIUS server is not involved in such operation. 

rigure 2 shows three external netwjaflcs connected to a GGSN node in a GPRS system. 
Each network has one subscrij>^r connected and all the three networks use the same 
RADIUS server for authprffication and dynamic IP-address allocation for the 
subscribers. Even thdugh the networks identified as APN2 and APN3 has assigned the 
same IP-addre^to the two subscribers, the identifier will be unique because of the 
is different gafeway addresses. Table I shows the generated identifiers for the three 
subset 



25 



)ers. 





Gateway Address 


Su^eftber IP 
.Address 


Identifier 


APN1 


129.24.24.1 / 


129.24.24.24 


"129,24.24.1.129.24.24.24" 


APN2 


193.25.01 / 


193.25.5.1 


"193.25.0.1.193.25.5.1" 


APN3 


193.26Xl 


193.25.5.1 


"193.26.01.193.25.5.1" 




/ 

Advantages 

e creation of the identifier used for amounting purposes described above will not 
involve any new resources than the oifes already available. Since the addresses already 
are unique, the combination of th^two addresses will form a perfectly valid identifier. 
This will not restrict any limrtafuons on concurrency regarding RADIUS accounting 
messages, and the identifier is guaranteed unique as long as the subscriber is still using 
the assigned IP-addre^s (i.e. no accounting stop has been sent towards the RADIUS 
server). The creation of the identifier will not use any extra resources whatsoever, and 
will always ba^vailable as long as an IP-address exists. 



30 The identifier will also be very predictable, and only by looking at this one can tell 
which external network the accounting record belongs to, as well as knowing the IP- 
addre&s for the subscriber. 



henever several IP-addresses are available, which together will identify the object in 
question uniquely, these adpresses can be concatenated to form a unique identifier. 



idpre: 



